Cryptography

309 readers

16 users here now

Questions, answers, discussions, and literature on the theory and practice of cryptography

founded 1 year ago

MODERATORS

[email protected]

Can RSA be used for web API authentication? (lemy.lol)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

6 comments fedilink hide all child comments

I need to

encrypt JSON payload (not just sign)
not share private key
verify the payload is generated with the shared public key and RSA fitting all of these.

As I've only made auth with JWT so far, I'm not sure. If I use RSA, I guess I have to put the encrypted text in the body.

Do you think it can be used? Any other suggestions?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 year ago (1 children)

I don't want to use RSA too but nothing better comes to my mind :)

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

This might help: https://www.scottbrady91.com/jose/json-web-encryption

Looks like it uses RSA so what I said above I think still applies.

EDIT: It is called JWE or JSON Web Encryption for help with what keywords you should search. There are also other symmetric algos you can use with RSA like chacha20, but I think it is best to start with AES just because it has been used for years and is very well documented.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

TIL that RSA allows maximum 245 character payload. But I guess that doesn't apply to JWE. Thanks for the suggestion, I'm researching 🙏🫡